To Next Page

To Previous Page

Ste

Command

Remarks

3. Enter user role VLAN policy

view.

vlan policy deny

By default, the VLAN policies of user

roles permit access to all VLANs.

This command disables the access of

the user role to any VLAN.

4. (Optional.) Specify a list of

VLANs accessible to the

user role.

permit vlan vlan-id-list

By default, no accessible VLANs are

configured.

To add more accessible VLANs,

repeat this step.

Assigning user roles

To control user access to the system, you must assign a minimum of one user role. Make sure a minimum

of one user role among the user roles assigned by the server exists on the device. User role assignment

procedure varies for remote AAA authentication users, local AAA authentication users, and non-AAA

authentication users (see "Assigning user roles")

. For more information about AAA authentication, see

Security Configuration Guide.

Enabling the default user role feature

The default user role feature allows AAA-authenticated users to access the system if the AAA server does

not authorize any user roles to the users.

You can configure this feature to enable an AAA-authenticated user that has not been assigned any user

role to log in with the default user role network-operator.

To enable the default user role feature for AAA authentication users:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enable the default user role

feature.

role default-role enable

By default, the default user role feature

is disabled.

If the none authorization method is

used for local users, you must enable

the default user role feature.

Assigning user roles to remote AAA authentication users

For remote AAA authentication users, user roles are configured on the remote authentication server. For

information about configuring user roles for RADIUS users, see the RADIUS server documentation. For

HWTACACS users, the role configuration must use the roles="role-1 role-2 … role-n" format, where user

roles are space separated. For example, configure roles="level-0 level-1 level-2" to assign level-0, level-1,

and level-2 to an HWTACACS user.

If the AAA server assigns the security-audit user role and other user roles to the same user, only the

security-audit user role takes effect.

Questions and Answers:

Need help?

Do you have a question about the HP 5130 EI series and is the answer not in the manual?

HP 5130 EI series Specifications

General

Layer	Layer 3
VLANs	4094
Multicast Protocols	IGMP, PIM
Operating Temperature	0°C to 45°C
Model	HP 5130 EI
Ports	24 or 48 10/100/1000 ports
Uplink Ports	4 x 1/10G SFP+
Stacking	Up to 9 switches
Power over Ethernet (PoE)	PoE+ (IEEE 802.3at) on PoE+ models (JG936A, JG937A)
Management	Web, CLI, SNMP
MAC Address Table Size	32, 000 entries
Routing Protocols	OSPF, RIP, BGP, static routing
Operating Humidity	10% to 90% (non-condensing)